Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. Date published : 2005-09-21 http://www.securityfocus.com/bid/14871 http://marc.info/?l=bugtraq&m=112716394925851&w=2
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter...
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4)...
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php,...
Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php,...
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. Date published : 2005-09-21 http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter...
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5)...
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. Date published : 2005-09-21 http://www.securityfocus.com/bid/14868 http://marc.info/?l=bugtraq&m=112715234411672&w=2
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and...
Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. Date published : 2005-09-21 http://www.phpnuke.org/modules.php?name=News&file=article&sid=7435 http://secunia.com/advisories/16843
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. Date published : 2005-09-21 http://www.securityfocus.com/bid/14845 http://www.securityfocus.com/bid/14846
Cross-site scripting (XSS) vulnerability in Ensim webplliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field. Date published : 2005-09-21 http://www.securityfocus.com/bid/14836 http://membres.lycos.fr/newnst/exploit/Ensim_Autentification_XSS_By_ConcorDHacK.html
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry. Date published : 2005-09-21 http://www.securityfocus.com/bid/14861 http://www.novell.com/linux/security/advisories/2005_22_sr.html